<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<?php


include "connection.php";

$user_id = $_POST['user_id'];
$user_password = $_POST['user_password'];
$user_password = md5($user_password);


$table = "user";
$query = mysql_query("SELECT COUNT(nid) FROM $table where user_id ='$user_id'");
$sum = mysql_result($query, 0);

if($sum==0){
    echo "<script language='javascript'>alert('会员号错误或不存在！');location='/';</script>";
}else{
    $result = mysql_query("select * from $table where user_id ='$user_id'");

    while ($row = mysql_fetch_array($result)) {
        $user_name = $row['user_name'];
        $user_id = $row['user_id'];
        $user_term = $row['user_term'];
        $department = $row['department'];
        $balance = $row['balance'];
        $password = $row['password'];
        $quanxian = $row['quanxian'];
    }

    if ($user_password == $password) {
        session_start();
        $_SESSION['userid'] = $user_id;
        $_SESSION['username'] = $user_name;
        $_SESSION['userterm'] = $user_term;
        $_SESSION['department'] = $department;
        $_SESSION['balance'] = $balance;
        $_SESSION['quanxian'] = $quanxian;

        if(
            ( $_SESSION['userid']=="1000") || ( $_SESSION['userid']=="1001") || ( $_SESSION['userid']=="1002")
          )
        {
            echo "<script language='javascript'>location='/admin_statistics.php';</script>";
        }

        echo "<script language='javascript'>location='/m/order.php';</script>";



    } else {
        echo "<script language='javascript'>alert('密码错误！');location='/';</script>";
    }

}


?>
</body>
</html>